Dotting the "i"s in Identity

This is the new home for “Robin Wilton’s Esoterica”, a blog which originated on the now-defunct blogs.sun.com site in 2005, and then migrated to Blogger, as futureidentity.blogspot.com, in 2008.

Why the latest migration?

Well, I started using Blogger long before it was acquired by Google, and have since become more and more uneasy as Google started to engulf more and more of the online services that make the web an interactive and social place to be. I finally decided to ditch my Blogger account when Google unilaterally decided (1/3/2012) to make all its users’ data linkable, across all Google services, without the user’s consent.

Why is linkability such a big deal?

Because it erodes your ability to exercise consent, control and self-determination in your online activities. Simply put, when we interact socially we do so in a known context, and we adjust our interactions according to that context. That is normal, healthy human behaviour, and as social animals, we are used to identifying, maintaining and relying on contextual separation. You don’t, for example, tell your bank manager the same things you tell your spouse.

When a service provider like Google starts to join together the data you expose in different online contexts, it may not be a problem. It may even be what you intend. On the other hand, it may be something you explicitly wanted to avoid. (For example, you might be a women’s rights campaigner in a violently misogynistic society, and the wrong disclosure in the wrong context might put your life in danger).

The point is that, if data is to be joined across contextual boundaries, that needs to be done under the informed consent and explicit control of the data subject. It’s all the more important in a case like this, where the service I signed up to did not even belong to Google at that point. Google’s latest change to their privacy policy fundamentally undermines that principle, and I have no wish to help them do it.

News that SOCA has reached out of the UK and into the .com domain to take down a music download website has provoked quite a reaction in the twittersphere (at least, that slightly geeky, slightly legal, slightly subversive segment of it that is visible to me…).

Here are some examples of good comment, analysis and reaction from:

Glyn Moody at ComputerWorld

Mel, at dajaz1.com (includes a useful screenshot of SOCA’s warning message)

Lilian Edwards on the Pangloss blog.

In general, what I see is that even among those who acknowledge that SOCA may be acting within its remit here, very few say anything good about the way in which SOCA has acted – and I think they have a point.

In my opinion (and it is only that), if SOCA is going to insert its own splash page into a domain that has been taken down, they should stick to an objective statement of the legal justification for the takedown.

SOCA would doubtless argue that it has a duty to deter illegal activity, and that that justifies the splash page – but I do not believe it does SOCA’s credibility as a law enforcement agency any good to make the kind of assertions it makes in its warning. For example, they say:

“As a result of illegal downloads young, emerging artists may have had their careers damaged.”

That is quite possibly true. On the other hand, it is also true that young, emerging artists (and older established ones, come to that) have had their careers, health and even lives ruined by the commercial practices of the music industry – including, of course, all those artists whose careers simply never happened because the music industry did not think they would be profitable enough. The strength of the independent music community amply illustrates that the mainstream publishing cartel is neither entirely benevolent, nor (happily) indispensable.

Are SOCA, then, about to insist that when we visit Amazon in search of the latest CD, we must see a warning which reads:

“As a result of venal commercial practices young, emerging artists may have failed to get a career at all, or may have turned to drugs under the pressure of huge recording contracts and subsequently died in obscure penury in a pool of their own vomit”?

No?

Thought not.

I suppose what this boils down to is this: SOCA do not, ultimately, need to state an ethical justification for their action, only a legal one. Their rather clumsy attempt to stick a moral veneer on their law enforcement action in this case is ill-judged and poorly executed.

I apologise in advance, but I think some of these peeves have been simmering for a while now, and it would be healthier all round if I can permit myself a little vent. There are two advertising trends at the moment which are really starting to grate.

The first is when the advertiser treats us like imbeciles, incapable of logical thought. Two examples:

1 – the dishwasher tablet which is sold on the premise that, if you don’t use it, filth accumulates in your dishwasher’s plumbing tubes and is then swilled around your cutlery and crockery, bathing them in a vile brew which is, by implication, not far short of raw sewage. Of course, being imbeciles we fail to notice that the pipes into the dishwasher come from the water main, and are presumably not already clogged with sewage; and the pipes out of the dishwasher do not convey anything back into it.

2 – the kitchen soap dispenser whose great selling point is that it includes a sensor, so that you can get your dollop of soap without having to do anything insanitary like press down on a squirter. Again, being imbeciles, we have never noticed that the first thing you do after pressing down on a (presumably plague-ridden) soap dispenser is… wash your hands.

Here’s the enigma: are these advertisements fatally flawed, foolishly insulting their target market… or are they perfectly crafted, aimed precisely at a market of imbeciles?

The other irritant is a variant on the old “vox pop” technique. Classically, this involves a reassuring third party, such as an interviewer or someone in a white coat, getting totally spontaneous product endorsements out of enthusiastic consumers who are totally surprised at the effectiveness of the product.

The variant (toothpaste being far and away the worst offender) is that when sound-editing your vox pops, you have to remove tiny snippets of silence from between random words. The result sounds something like this:

I am seriously considering applying for that job, snipping out the tiny gaps between words in fatuous vox pops. Then, like one of my literary heroes, Doktor Murke, I would splice them carefully together again and luxuriate in the resulting silence. Listening to it might even bring my blood pressure down again…

I have a System76 Starling netbook, which until this week was running Ubuntu 9 (Karmic Koala). That’s the release it came factory-installed with, and as long as it was getting patched and updated, I was sticking with the “ain’t broke, don’t fix” principle. Previous experience has taught me that the tiniest tweak to an otherwise working Linux system can lock you into a death-spiral of dependencies, upgrades, super-dependencies and so on, until you have no option but to press on because you can’t retreat.

However, when the system updater warned me this week that Ubuntu 9 would not be getting any more patches, I decided it was time to take a deep breath and upgrade to an LTS (Long Term Support) release of Ubuntu 10 (Lucid Lynx). I also reasoned that as Lynx has been out for a while, System76 would have had time to get their hardware-specific driver for the Starling good and ready. So, after backing up all my data to an external drive, I hit the Upgrade button.

All went well, at least in terms of fetching all the packages. Unfortunately, the installation process hung part way through, and after leaving it frozen for half an hour or so (just in case) I sighed, turned the power off, and resigned myself to re-installing from scratch. As I now have an un-bricked Starling running Ubuntu 10.4, this post is simply to point you to the set of resources which worked for me, if you’re in the same position.

Here are some starting assumptions:

You have a Windows machine with which to create your bootable USB image (it can be done with another Linux machine or a Mac, but you’ll have to find your own path in those cases)

Obviously, as the Starling has no CD drive, you’ll need a nice big USB stick handy (they say 2Gb, but if you have 3-4Gb I think you’ll be safer, for reasons I explain below)

A wired network connection… this will just make it a lot easier to auto-update with the most recent software updates and the System76 driver.

And here, in the order you will probably encounter them, are the pages which got me through it. There are others, but I found some false trails, and these are the pages which worked for me.

If step (3) works OK, you may not need the tools from step (4); however, the first time I tried it, the USB image boot failed because it couldn’t find a writeable filespace. This error is listed on the Ubuntu help page above, under Known Issues, as “Can not mount /dev/loop1 on /cow”. The Persistent Filespace creator will help you make one of those on the USB stick… which is another reason why I think a 3 or 4Gb stick is probably a good idea.

You may or may not need step (5): frustratingly, when I first booted Lucid Lynx my wireless connection came up flawlessly: I ran the System76 driver and my wireless connectivity disappeared. The thread had some suggestions about making sure the C/C++ libraries (gcc) are definitely installed on your machine, and re-running the System76 driver. I followed those suggestions and it still didn’t work, but after a couple of re-boots and tweaks of the 3G-Wifi switch on the front of the Starling, it all worked again.

As you are probably aware, a revision to the EU’s e-Privacy Directive was recently transposed into UK law as the Privacy and Electronic Communications Regulations 2011, or PECR. PECR means that, as of May 26th 2011, UK websites are required to obtain users’ informed consent before tracking their online behaviour through means such as cookies.

Well-meaning though this legislation may be, there are a number of practical issues with its implementation. As it has never been my intent to invade, subvert or otherwise compromise your privacy, this post is a brief indication of some of those issues, and the possible impact on you as a visitor to this blog.

First, jurisdiction: is this a UK site? Well, I’m located in the UK, and it’s my blog, so I’m going to behave as though it is and assume that PECR 2011 applies to it and to me. However, as Blogger belongs to Google, and Google are notoriously reticent about revealing the location of their data-centres, I have no idea where this blog is actually hosted. I suspect a lot of individuals, small/medium enterprises and organisations are in the same position: wherever they are, their websites may or may not be hosted in the UK, and that may give rise to some question as to whether or not PECR can be enforced.

Second, enforcement. The UK ICO has, allegedly, been ‘pressured’ by the UK government not to enforce PECR, at least for a year while companies figure out what to do about the law. On the one hand, I have little sympathy with this: EU legislation moves at a pretty normal pace for law-making, and PECR has been inching its way down the legislative alimentary canal for many months now. Its emergence should not have come as a surprise to anyone…. but let’s not take that analogy any further. On the other hand, there’s no doubt that the mechanisms for doing a good privacy-respecting job of gathering user consent are sadly lacking. Of course, as the only viable candidate for deploying such mechanisms is the browser, and as the dominant browsers on the planet are all developed outside the EU, that shouldn’t come as a surprise either. On the third hand (as Zaphod could have said) why in Zarquon’s name didn’t Viviane Reding and her merry band of legislators think of that when they were designing the amendment?

Third, practicality. I do use a couple of counters to track visits to the blog: as you can see, there’s a ClustrMaps graphic on the page, and though you can’t see it, Statcounter is also enabled. For those two tools, I can give you the following assurance: I never use them for anything other than an occasional look at how site traffic is trending over time. I sometimes look at the per-country breakdown of visits, and if I’m getting persistent spam comments I may look at the IP address of a specific visitor. However, I never use the tracking details for any other purpose, and never knowingly disclose them to any other entity. I don’t use Adwords or Affiliate Network, nor is it my intent to do so.

However… it is entirely possible that Blogger, as the host of the blog, gathers statistics about both my use of it and your visits to it. Over that, I have no control. Again, I suspect that many, many individuals, organisations and small/medium businesses are in the same position – and as ‘cloud’ computing continues to grow, that situation will grow with it.

That leaves me with two problems:

1 – if you don’t like the relatively minor use of cookies I do make on this site, and/or don’t trust my promise not to abuse the data collected, I’m afraid I don’t have any practical way of gathering your consent (or withdrawal of it). Nor do I have a way of turning cookies off for you while still somehow keeping an eye on site usage. By all means block or delete my cookies at your end, if you have the means to do so; I won’t be offended (in fact, I won’t even know), and as far as I am aware, it won’t affect your ability to browse the site.

2 – if you don’t like the idea that my hosts (either for this blog, or for my website, for instance) may also be setting cookies, I can sympathise, but there’s very little I can do about that. Nor do I think there’s any reasonable expectation that they will ask for your consent via my blog. If you have a problem with that, please leave a comment, and then we can both stare at it and wonder what to do next…

So, what can we expect from the PECR 2011 amendment?

Will it immediately change the way in which companies track your online behaviour? No.

Will it change the way browsers handle cookies and consent? Possibly, over time.

Will it advance the debate over online privacy? I sincerely hope so, even if it’s only through increased discussion, as opposed to immediate improvement.

Will it resolve the tension between technologists who see the law as an inconvenient obstacle to commercial progress, and legislators who don’t understand the technology but want to be seen to be doing something? No. That, regrettably, is something we’re stuck with for the foreseeable future. Welcome to Aldous Huxley’s world.

Having looked at the press release, my first impression of the Directive is that it is seriously unbalanced and needs to be substantially re-worked. As my teachers used (frequently, I’m afraid) to write on my prep: “Adequate as far as it goes, but I need to see more.”

I don’t deny that botnets and the like represent a potential threat to computing infrastructures, and thereby indirectly to interests such as consumer safety, commerce, and even national security – though one should also note that in their recent report for the OECD, Professor Peter Sommer (LSE) and Dr Ian Brown (Oxford University) argue convincingly that the majority of such threats are both localised and short-term in their effect. Let us not, then, rush to fling the cyber-baby out with the bathwater.

If we step back for a moment and balance the cyber-war rhetoric with Sommer and Brown’s more qualified perspective, the obvious shortcoming of the proposed EU Directive is that it focusses entirely on measures to prevent “illegal interception” and legislation against the use of malware… entirely ignoring the point that the technology to abuse online systems is often the same as the technology used to control it. The difference between lawful and unlawful interception is the prefix “un-”, not the means used.

With that in mind, the EU Directive comes across as a piece of work less than half finished. While the policymakers and drafters were considering how to prevent the activities they don’t want, they should have been devoting at least as much effort to considering how to regulate the activities they do want. Badly or insufficiently regulated, those activities do every bit as much social and economic harm as the threats the Directive is keen to stress.

This is by no means just about EU citizens, either. Every instance of bad or incomplete regulatory oversight in our own house is an excuse for repressive regimes to point to that bad example and say “look: that’s how they do it in the EU, so it must be acceptable”. We need only look at the suppression of internet services in Iran, Tunisia, Pakistan, Egypt and elsewhere to see how this leaves the door open to profound and damaging abuse of citizens’ rights and self-determination.

So, for every paragraph about the prevention of illegal activity, the Directive should contain a paragraph about the protection of legitimate activity – including legitimately anonymous and/or pseudonymous activity – and a paragraph about the regulation of law enforcement interception, data retention, content filtering, packet inspection and so on.

Regrettably, the Directive comes from the office of Cecilia Malmström, the EU’s Home Affairs Commissioner, and her reported views on this kind of thing do not inspire optimism. At the recent CPDP2011 conference in Brussels, she was quoted as having said “data retention is here to stay”. When the captains of industry say things like “privacy is no longer the social norm”, it makes them look ignorant. When policymakers simply acquiesce with such views, it makes them look dangerous.

As Hielke Hijmans (Head of Policy and Consultations for the EDPS) succinctly put it, at the same conference: “It’s not good enough for governments and policy-makers to say ‘privacy is dead, get over it’: the challenge for them is to work out how social privacy norms can be protected in an information society.”

I’m afraid that, in the margin of Ms Malmström’s prep, I can only write “B minus. A fair effort, but must try harder.”

By coincidence, the theme of the previous blog post (expectations of privacy in correspondence, electronic or otherwise) also crops up in an article by Simon Jenkins in the Guardian today. Jenkins’ piece is actually about media ethics, but it’s prompted by the renewed media feeding frenzy over a now slightly dusty scandal… revelations that the News Of The World had been hacking into the voicemails of people who they thought might thus provide juicy material for the presses.

At one point, Jenkins notes, the Crown Prosecution Service (i.e. the agency responsible for prosecuting alleged criminals on behalf of the state) advised the police that it was “illegal to hack into a message before, but not after, a recipient had heard it”… much as the 11th US Circuit Court ruled in Rehberg v Hodges.

As the number of forms of electronic communication continues to grow, and governments’ appetite for retention, interception and retrieval of those communications grows correspondingly, let’s just pick that concept apart and see why it’s so absurd – because absurd it surely is.

The idea of an expectation of confidentiality in communications probably has its origins in the establishment of monopolised state postal services. Before that point, you had to have a good reason to trust anyone to whom you gave a letter to deliver to someone else… though in practice those with something particularly sensitive to say also put their trust in means such as encryption and tamper-evident technology. The advent of a universal postal service meant that people had to feel that they could entrust their letters to – essentially – a complete stranger and still be confident that the letter would arrive intact.

There was, then, a clear expectation that a universal postal service should demonstrate great integrity in the handling of the correspondence put into its care – and sure enough, most such services are protected by specific laws to deal with ‘interference with the mails’. In other words, and not to overburden the word “confidence”, a letter from Sandra to Reece is entrusted to Pat as an intermediary. The contents of the letter are intended to be confidential between Sandra and Reece. Pat has no legitimate expectation of reading the letter for himself, because Sandra’s clear intent and expectation is that she is communicating only with Reece.

Now, what happens once Reece receives and opens the letter? Does that act somehow revise Sandra’s intention in sending it – so that, once it is opened, she intends it to be read by people other than Reece? I don’t see why we should make that assumption. But just for the sake of it, let’s imagine that what Reece finds when he opens the envelope is another envelope: this one has written on it “Confidential: for Reece only”. So in this instance Sandra has made her intention and expectations explicit.

Reece opens the second envelope and finds inside a message which says “Dear Reece, I don’t want you to tell anyone else this, but I have discovered that I have a fatal disease, and probably only months to live”. Again, I don’t see anything in the act of Reece opening the inner envelope which revises Sandra’s intention and expectations in writing to him and him alone. She even says, in the contents, that she wants Reece to keep this information to himself… and that seems to me to be a legitimate expectation.

Of course, merely by disclosing the fact of her illness to Reece, Sandra is making it possible for Reece to disclose it to someone else – but I think there’s a clear difference between making that disclosure possible, and expecting or intending it to take place.

That is why I think it’s so perverse to rule that the act of opening a letter changes the sender’s legitimate expectation of the confidentiality of the contents. It’s also why I wonder whether initiatives like the Privicons plug-in – while doubtless well-intentioned – might have perverse consequences. After all, if there’s a button you can click which says “don’t share this email”, won’t that be taken to imply that – if the email has no such icon attached – you don’t mind it being shared? All in all, I think I’d be happier if we start with no “this email is sent in confidence” button – because I think the fundamental assumption should be that emails are confidential unless it’s explicitly stated otherwise.

It’s possible that that assumption is broken; but if so, that argues in favour of mending it, not discarding it.

With that in mind, I wish you a happy Data Privacy Day for tomorrow, Jan 28th. I encourage you to spend it considering what digital footprints you leave in the course of the day, and to what extent they involve any consent and control on your part.

Please note:

This blog contains a mixture of "personal" and "work-related" posts, if you choose to make that distinction. None of the opinions expressed should be taken to represent either the views or policies of my employer.